Policy Specification, Analysis and Transformation
International Technology Alliance in Network and Information Sciences

A scenario based demo will illustrate the research concepts in the security policy management area.

Demonstration Components

SPARCLE Policy Workbench

The SPARCLE project is developing a highly usable policy workbench that enables organizations to:
- Create policies in natural language
- Connect policy definition to system entities
- Check policy compliance

The workbench provides natural language analysis of textual policies, displays results for expert review, and generates the machine-readable XML version of the policies, with 94% parsing precision. It displays parsing and analysis results for expert review. It transforms the policy sets into a machine-readable XML version of the policies.

Project Team

Mandis Beigi, Carolyn Brodie, Seraphin Calo, David George, Clare-Marie Karat, John Karat, Jorge Lobo, Dinesh Verma, and Xiping Wang (IBM Watson)
Morris Sloman, Alberto Schaeffer-Filho (Imperial College)

Policy Deployment

In our scenario we are working with Self-Managed Cells (SMC) resources. SMCs are agents built using the Ponder2 policy framework developed at Imperial College.

SMC policy service - Ponder2 framework

Two types of policies:
- Obligation policies (event-condition-action) define management actions performed in response to events
- Authorization policies specify which actions are permitted on which resources and services

Managed objects to which policies apply can be:
- Internal resources
- Adapters for external services
- Policies themselves

[Figure: policy management overview. Labels: Policy Specification (In Natural Language Subclasses (NLS), In a Formal Language (FL)); Abstract Policy Models (Goals, High Level Policies); Executable Policies In System Context (Databases, XML Stores, Rule Engines, State Machines, etc); Concrete Policy Sets; Information Model; Control Flow; Domain Policies; Data; User Choices & Consent; Policy Analysis (Conflict/Dominance/Coverage); Policy Transformation (User defined transformation); Management; SPARCLE NLP; Analysis & Transformation; Policy Deployment (Using Ponder 2 for implementation)]

Policy Analysis

Provides a formal process that allows policy administrators to certify the correctness of a policy. The demo highlights the use of advanced algorithms to systematically identify potential problems.

- Conflict Identification – Check consistency: Policies are in conflict if they can be simultaneously applicable and prescribe incompatible actions.
- Dominance Analysis – Discover redundancies: A policy is dominated by one or more other policies when the addition of the first policy does not affect the behavior of the system governed by the set of policies.
- Coverage Analysis – Check completeness: A set of policies may (or may not) provide definition for a range of input parameters. This analysis method determines if there are gaps in the coverage.

Policy Transformation

Transform high level policies into low level policies using rule based transformation.

Example:

Input policy:
  If user is from U.S. then provide high security

Transformation rules:
- Replace U.S. with subnet 9.2.x.x
- Replace high security with 256 bit encryption and DES encryption

Output policy:
  If user is from subnet 9.2.x.x then use 256 bit encryption and DES encryption

[Figure: Demonstration Architecture. Labels: Author Policy; Visualization Of Policy; Policy Analysis Module; Transform Policy; Policy Transformations; Policy Deployment; Ponder Managed Resource (three instances)]
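
The three checks described under Policy Analysis (conflict, dominance, coverage), run by exhaustive enumeration over a small authorization policy set. This is an added example, not code from the demo, SPARCLE or Ponder2. The policy shape, the attribute names and values, and the treatment of permit/deny as the incompatible action pair are assumptions made for illustration.

```python
from itertools import combinations, product

# Constructed attribute domains (assumption: finite and small enough to enumerate).
DOMAINS = {"role": ["analyst", "admin", "guest"],
           "network": ["internal", "vpn", "external"]}

# Constructed policies: (name, conditions, action). An omitted attribute matches any value.
POLICIES = [
    ("P1", {"role": {"admin"}}, "permit"),
    ("P2", {"network": {"external"}}, "deny"),
    ("P3", {"role": {"admin"}, "network": {"internal"}}, "permit"),
    ("P4", {"role": {"analyst"}, "network": {"internal", "vpn"}}, "permit"),
]

def requests():
    """Every point of the input space, in a fixed order."""
    keys = list(DOMAINS)
    return [dict(zip(keys, vals)) for vals in product(*(DOMAINS[k] for k in keys))]

def applies(policy, req):
    return all(req[attr] in allowed for attr, allowed in policy[1].items())

def behaviour(policies):
    """For each request, the set of actions the policy set prescribes."""
    return [frozenset(p[2] for p in policies if applies(p, r)) for r in requests()]

def conflicts(policies):
    """Pairs that can apply to the same request yet prescribe different actions."""
    found = []
    for p, q in combinations(policies, 2):
        if p[2] == q[2]:
            continue
        witness = next((r for r in requests() if applies(p, r) and applies(q, r)), None)
        if witness is not None:
            found.append((p[0], q[0], witness))
    return found

def dominated(policies):
    """Policies whose removal leaves the behaviour of the set unchanged."""
    full = behaviour(policies)
    return [p[0] for p in policies
            if behaviour([q for q in policies if q is not p]) == full]

def coverage_gaps(policies):
    """Requests for which no policy provides a definition."""
    return [r for r, acts in zip(requests(), behaviour(policies)) if not acts]

if __name__ == "__main__":
    print("conflicts:", conflicts(POLICIES))
    print("dominated:", dominated(POLICIES))
    print("coverage gaps:", coverage_gaps(POLICIES))
```

Each conflict is reported with a witness request, which gives the policy administrator a concrete case to review. Enumeration only scales to small finite domains.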